CiD Popups
- Thread starter miken68
- Start date
- Status
kitty500cat
Posts: 1,391 +6
Hello mike and welcome to TechSpot. :wave:
Please Download NoLop to your desktop from one of the links below...
http://www.spywareedge.net/nolop/NoLop.exe
http://www.thespykiller.co.uk/forum/...pmod;dl=item16
First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A Message should popup from NoLop.
If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HJT log
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.-- http://www.boletrice.com/downloads/mscomctl.ocx
Now go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly, then post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread. Also post here the results of the AVG Antirootkit scan.
Regards
This thread is for the use of miken68 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
Please Download NoLop to your desktop from one of the links below...
http://www.spywareedge.net/nolop/NoLop.exe
http://www.thespykiller.co.uk/forum/...pmod;dl=item16
First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A Message should popup from NoLop.
If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HJT log
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.-- http://www.boletrice.com/downloads/mscomctl.ocx
Now go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly, then post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread. Also post here the results of the AVG Antirootkit scan.
Regards
This thread is for the use of miken68 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
kitty500cat
Posts: 1,391 +6
OK, no problem. Go into Add/Remove Programs on your Control Panel and remove anything having to do with Viewpoint.
In Windows Explorer, turn on "show all files and folders, including hidden and system." See how HERE.
Delete the following bold files/folders (if there):
C:\Program Files\Viewpoint <--delete the entire folder
C:\Documents and Settings\All Users\Application Data\Window Gpl Wave Bait
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Mike\Application Data\Ballaboutmix
Now rehide your protected files and attach a new NoLop log, along with fresh HijackThis, AVG Antispyware, and ComboFix logs.
Regards
This thread is for the use of miken68 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
In Windows Explorer, turn on "show all files and folders, including hidden and system." See how HERE.
Delete the following bold files/folders (if there):
C:\Program Files\Viewpoint <--delete the entire folder
C:\Documents and Settings\All Users\Application Data\Window Gpl Wave Bait
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Mike\Application Data\Ballaboutmix
Now rehide your protected files and attach a new NoLop log, along with fresh HijackThis, AVG Antispyware, and ComboFix logs.
Regards
This thread is for the use of miken68 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Delete all files in AVG Antispyware quarantine.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
Mpeg soap.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Wave Bait Fork Mfcd] C:\Documents and Settings\All Users\Application Data\Window gpl wave bait\Mpeg soap.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Documents and Settings\All Users\Application Data\Window gpl wave bait<Delete the entire folder.
Reboot into normal mode and rehide your protected OS files.
Post a fresh HJT log.
Regards Howard :wave: :wave:
This thread is for the use of miken68 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Delete all files in AVG Antispyware quarantine.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
Mpeg soap.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Wave Bait Fork Mfcd] C:\Documents and Settings\All Users\Application Data\Window gpl wave bait\Mpeg soap.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Documents and Settings\All Users\Application Data\Window gpl wave bait<Delete the entire folder.
Reboot into normal mode and rehide your protected OS files.
Post a fresh HJT log.
Regards Howard :wave: :wave:
This thread is for the use of miken68 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Already deleted all quarantined files, sorry posted an earlier log.
Deleted the first two infected files on HiJackThis
This file keeps coming back everytime I rescan:
O18 - Filter hijack: text/html - (no CLSID) - (no file)
Everything else is good
Here is an updated log file
Deleted the first two infected files on HiJackThis
This file keeps coming back everytime I rescan:
O18 - Filter hijack: text/html - (no CLSID) - (no file)
Everything else is good
Here is an updated log file
howard_hopkinso
Posts: 21,238 +17
Post a HJT log from normal mode please.
Regards Howard
This thread is for the use of miken68 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Regards Howard
This thread is for the use of miken68 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Download the Cwshredder programme.
Launch the executable, accept the agreement, and then click "Check for Update"
Download and install any updates.
Now, close any open windows except for CWShredder and then click "Fix ->"
You'll see three lines starting with "Restoring" to let you know the scan is finished (It should take about a minute to run), then click "Next ->"
Please reboot the computer.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O18 - Filter hijack: text/html - (no CLSID) - (no file)
Click on the fix checked button.
Close HJT and reboot your system again.
Post a fresh HJT log.
Regards Howard
This thread is for the use of miken68 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Download the Cwshredder programme.
Launch the executable, accept the agreement, and then click "Check for Update"
Download and install any updates.
Now, close any open windows except for CWShredder and then click "Fix ->"
You'll see three lines starting with "Restoring" to let you know the scan is finished (It should take about a minute to run), then click "Next ->"
Please reboot the computer.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O18 - Filter hijack: text/html - (no CLSID) - (no file)
Click on the fix checked button.
Close HJT and reboot your system again.
Post a fresh HJT log.
Regards Howard
This thread is for the use of miken68 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
Similar threads
Latest posts
-
Boston Dynamics unveils impressive all-electric Atlas robot- RudyBob replied
-
Google is cracking down on third-party apps that block YouTube ads- Athlonite replied
-
New charging algorithm could double life of li-ion batteries- Endymio replied
